Privacy Policy

1. Introduction

VRENTAX — Virtual Enterprise Tech ("VRENTAX," "we," "us," or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with:

• The VRENTAX corporate website at vrentax.com
• The Velora salon management SaaS platform and all associated applications
• Any future software products, web applications, or mobile applications launched under the VRENTAX brand

This Policy applies to all users of VRENTAX Services, including website visitors, business clients, and end users of VRENTAX SaaS platforms. By using any VRENTAX Service, you acknowledge that you have read and understood this Privacy Policy.

VRENTAX operates primarily in Qatar and Lebanon and complies with Qatar's Personal Data Protection Law (Law No. 13 of 2016) and, where applicable, Lebanon's Law No. 81 (2018) on Electronic Transactions and Personal Data Protection.

2. Information We Collect

2.1 Corporate Website (vrentax.com)

When you visit vrentax.com or interact with our marketing pages, we may collect:

2.2 SaaS Platform Users (e.g. Velora)

When you or your business uses a VRENTAX SaaS platform, we process data on your behalf as a data processor. This data belongs to you as the data controller. The categories of data processed include:

2.3 Sensitive Data

Allergy profiles and health-related notes stored within VRENTAX SaaS platforms may constitute sensitive personal data under applicable law. Such data is collected exclusively because it is necessary for the safe delivery of beauty and personal care services. VRENTAX processes this data solely on the documented instruction of the Client (data controller) and does not use this data for any other purpose.

2.4 Data We Do Not Collect

• We do not collect or store full payment card numbers, CVVs, or bank PINs. All payment processing is handled by third-party providers (Stripe, PayTabs) who are PCI-DSS compliant.
• We do not collect data from children under the age of 18 intentionally through our corporate website.

3. How We Use Your Information

We use the data we collect for the following purposes:

• Providing, operating, and maintaining the Services
• Processing payments, managing Subscriptions, and sending billing communications
• Responding to enquiries, support requests, and complaints
• Sending product updates, security alerts, and administrative notices
• Analysing usage patterns to improve platform performance and user experience
• Detecting, preventing, and addressing fraud, security incidents, and technical issues
• Complying with legal obligations in Qatar, Lebanon, and other applicable jurisdictions
• Enforcing our Terms of Service and other legal agreements

VRENTAX does not use your data for targeted advertising or sell your data to third parties for marketing purposes.

4. AI-Powered Features

Certain VRENTAX SaaS platforms incorporate artificial intelligence features that may process Client Data to generate business insights, identify at-risk customers, suggest rebooking intervals, generate automated responses, or provide operational recommendations. These features use AI models provided by Anthropic (Claude AI).

When AI features process Client Data:

• Data is transmitted to Anthropic's API solely for the purpose of generating the requested output.
• Client Data is not used to train or improve Anthropic's AI models (subject to Anthropic's applicable API terms, which prohibit training on API inputs by default).
• AI-generated outputs are advisory in nature and are not a substitute for professional business, medical, or legal advice.
• You may disable AI features within the platform settings where such options are available.

5. Legal Basis for Processing

VRENTAX processes personal data on the following legal bases:

6. Third-Party Services and Data Sharing

VRENTAX uses the following third-party services that may process personal data on our behalf. Each is bound by a data processing agreement or equivalent contractual obligations:

VRENTAX does not sell, rent, or trade personal data with any third party for commercial purposes. We may disclose personal data where required by law, court order, or regulatory authority, or to protect the rights, property, or safety of VRENTAX, its users, or the public.

7. Data Retention

7.1 Corporate Website Data

Contact form submissions are retained for up to twelve (12) months from the date of submission, or until the associated commercial relationship is concluded, whichever is later.

7.2 SaaS Platform Data

Client Data stored within VRENTAX SaaS platforms is retained for the duration of the active Subscription. Following cancellation or termination of a Subscription, Client Data is retained for ninety (90) days to allow the Client to export their data upon request. After the ninety (90) day retention period, all Client Data is permanently and irreversibly deleted from VRENTAX systems.

7.3 Backup and Log Data

Automated system backups containing Client Data may persist in encrypted form for up to thirty (30) days beyond the standard retention period before being overwritten. System access logs and security logs are retained for up to twelve (12) months for security monitoring purposes.

7.4 Legal Holds

Notwithstanding the above, VRENTAX may retain data for longer periods where required by applicable law, regulation, or court order, or where data is reasonably necessary in connection with pending or anticipated legal proceedings.

8. Data Security

VRENTAX implements commercially reasonable technical and organisational security measures designed to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest
• Role-based access controls limiting staff access to personal data on a need-to-know basis
• Regular security assessments and vulnerability monitoring
• Multi-factor authentication options for platform accounts
• Secure API key management and credential rotation practices

No method of electronic transmission or storage is completely secure. While we strive to protect your data, VRENTAX cannot guarantee absolute security. In the event of a data breach that is likely to result in significant risk to affected individuals, VRENTAX will notify the relevant regulatory authorities and affected Clients without undue delay, in accordance with applicable law.

9. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right of Rectification: Request correction of inaccurate or incomplete personal data.
• Right of Erasure: Request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
• Right to Object: Object to the processing of your personal data based on legitimate interests.
• Right to Restrict Processing: Request that we limit the processing of your personal data in certain circumstances.
• Right to Data Portability: Receive a copy of your data in a structured, machine-readable format, where technically feasible.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please submit a written request to privacy@vrentax.com. VRENTAX will respond within thirty (30) days. We may need to verify your identity before processing your request.

10. International Data Transfers

VRENTAX's primary operations are based in Qatar and Lebanon. However, some of our third-party service providers (including Anthropic, Cloudinary, Stripe, and Google) operate infrastructure in jurisdictions outside Qatar and Lebanon, including the United States and the European Union.

When we transfer personal data internationally, we take steps to ensure adequate protection is in place, including: reliance on standard contractual clauses, data processing agreements with service providers, and assessment of the laws and practices of the destination country. We only transfer data to providers that offer equivalent levels of data protection.

11. Children's Privacy

The VRENTAX corporate website and SaaS platforms are designed for use by businesses and adult professionals. We do not knowingly collect personal data from individuals under the age of 18 through our corporate services. If you believe that a minor has submitted personal data to us, please contact us at privacy@vrentax.com and we will take steps to delete such data promptly.

Note that VRENTAX SaaS platforms may be used by Client businesses to store records of minor customers (such as in the context of youth sports academy management). In such cases, the Client business, as data controller, is responsible for obtaining appropriate parental or guardian consent in accordance with applicable law.

12. Cookies

For detailed information about how VRENTAX uses cookies and similar tracking technologies on vrentax.com, please refer to our Cookie Policy.

13. Changes to This Privacy Policy

VRENTAX may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will notify you by updating the effective date at the top of this Policy and, where appropriate, by sending an email notification to the address associated with your account. Your continued use of the Services after the effective date of any update constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

14. Contact and Complaints

If you have questions, concerns, or complaints regarding this Privacy Policy or VRENTAX's data practices, please contact: